Bluetooth phones hacked from a mile away

Bluetooth phones may be vulnerable to attack from up to a mile away by a new device that can pick up distant transmissions from enabled handsets.

The so-called BlueSniper consists of a directional "yagi" antenna mounted on a shotgun stock. The stock contains a Bluetooth module and processor in its magazine. It can also be linked up to a laptop.

The man who built the device, John Hering of wireless security consultants Flexilis, said the BlueSniper can scan and attack Bluetooth devices up to a mile away. He added that would be possible to track a single Bluetooth phone as a person walked round but this would require multiple BlueSnipers to work.

"In less than a few minutes, twenty devices were detected - all at distances over a half mile away" Said Herring. "We decided to quickly conclude the scan, given police activity in the area earlier in the day from a bomb scare."

He said the device was easy to make, "The parts are easily available for a few hundred dollars and you can make this gun in a long afternoon." The BlueSniper was developed from an earlier prototype exhibited at the DefCon hackers convention last year.

Bluetooth vendors group, The Bluetooth Special Interest Group, said any attack on a Bluetooth device needed to be within 10 meters of the device in order to work without specialized equipment. It said that the organization and its members took security "very seriously".

"Vulnerabilities that have come to light either exploit the Bluetooth link as a conduit, much like the Internet to the PC, or are a result of the implementation of Bluetooth technology within the device," it said in a statement.

"As within the PC industry, the security flaws that are revealed are typically solved by new software builds and upgrades."

Get SC Media delivered to your inbox

Whitepaper of the Day

Newswire

Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.